Associate Security Operations Analyst

Associate Security Operations Analyst

London

Employee - Permanent 

Our Story

Hello there. We're Zopa.

We started our journey back in 2005, building the first ever peer-to-peer lending company. Fast forward to 2020 and we launched Zopa Bank. A bank that listens to what our customers don't like about finance and does the opposite. We're redefining what it feels like to work in finance. Our vision for a new era of banking puts people front and centre - we've built a business that empowers everyone to aim high, every day, to move finance forward. Find out more about our fantastic offerings at Zopa.com! 

We're incredibly proud of our achievements and none of it would be possible without the amazing team here. It's not just industry awards we're winning, we've also been named in the top three UK's Most Loved Workplaces. 

If you embrace unconventional challenges, are unafraid to think differently and are driven to make an outsized impact, you'll thrive here at Zopa, so join us, and make it count. Want to see us in action? Follow us on Instagram @zopalife

The team

The Information Security team has 16 people. It's made up of Security Operations, Identity and Access Management, Security Engineering and Product Security sub-teams.

Our Security Operations team handle and enhance Zopa Bank's overall security posture by both identifying, detecting, analysing, and responding to security events and potential incidents by building improved prevention capabilities. Their efforts protect Zopa Bank from a range of internal and external threats.

The role:

 

• Your role as the Associate Security Operations Analyst is a pivotal one within our IT security team and reports to our Security Operations Manager
• You would be tasked with reviewing and responding to security event tickets created in Jira. This involves a thorough analysis of the security event, an assessment of its impact, and the determination of an appropriate response. The role is not just reactive but also proactive, involving security risk evaluation and incident response activities. These activities include scoping, identifying/detecting, containing, eradicating security incidents and planning improvement activities
• In addition to these responsibilities, you would be expected to monitor various security tools and systems, including the Security Information and Event Management (SIEM) tool, for any unusual activity. As you gain experience, you may progress to designing and implementing monitoring and detection rules in the SIEM tool, such as Splunk. This involves the creation of rules that trigger alerts for specific types of security events, aiding in the early detection of potential threats
• Another key aspect of the role is reporting and documentation. You would be responsible for creating reports on security incidents and maintaining documentation related to security procedures and incidents. Given the ever-evolving nature of cybersecurity threats, you would be expected to continuously update your knowledge about the latest security threats and defence mechanisms

About you:

• Review and Respond to Security Event Tickets: You will need basic analytical skills to assess the nature of security events, determine their impact, and decide on the appropriate response based on established playbooks. Training and guidance will be provided
• Incident Response Activities: You should be ready to participate in incident response activities, including scoping, identifying/detecting, containing, and eradicating security incidents. You will also help plan improvement activities, with support from senior team members
• Monitoring Security Tools and Systems: You will monitor various security tools and systems, such as the Security Information and Event Management (SIEM) tool, Endpoint Detection and Response (EDR), and Data Loss Prevention (DLP) systems for any unusual activity. Attention to detail and vigilance are important
• Design and Implement Rules: As you gain experience, you will have the opportunity to design and implement rules in our SIEM tool, Splunk, and make configuration changes in other security tools. This will require a growing understanding of security principles and technical skills
• Reporting and Documentation: You will be responsible for creating reports on security incidents and maintaining documentation related to security procedures and incidents. Strong written communication skills are beneficial
• Effective Communication: You must have effective communication skills to collaborate with team members and escalate events and incidents to senior analysts/engineers. Teamwork and clear communication are key to success in this role

Added bonus:

• Familiarity with SIEM tools (e.g. Splunk, QRadar or ArcSight) or basic scripting knowledge (e.g. Python or PowerShell)
• Certifications like CompTIA CySA+ or CompTIA Security+ or Certified Ethical Hacker (CEH)
• Training in incident response or network security

We're on the move! 

Towards the end of 2025 Zopa will be relocating to a brand-new headquarters at 20 Water Street in Canary Wharf. The 44,000 square foot workspace will foster collaboration and inspire creativity for our 900 employees amidst our 2025 growth blitz.

At Zopa we value flexible ways of working.

We value face-to-face collaboration and a good work-life balance. This hybrid role requires you to come to our London office 2-3 days a week.

You'll also have the option of working from abroad for up to 120 days a year!* But no matter where you are, we'll make sure you've got everything you need to thrive, both in your work and home life, from day one.

*Subject to having the right to work in the country of choice

Diversity Statement

Zopa is proud to offer a workplace free from discrimination. Diversity of experience, perspectives, and backgrounds leads to better products for our customers and a unique company culture for our people. We are made up of nearly 50 nationalities, have a DE&I forum made up of Zopians wanting to make a difference and we are proud of our culture where everyone can bring their full self to work. Our approach to DE&I is reflected in our hiring process so please let us know if you require any reasonable adjustments.